Access brief definitions of cyber warfare terminology.
A software vulnerability that is unknown to the vendor. The term "zero-day" refers to the fact that the vendor has had zero days to fix the flaw before it is exploited.
A social engineering attack used to steal user data, including login credentials and credit card numbers, by masquerading as a trusted entity.
A decoy system or server deployed alongside production systems within a network. It is designed to entice cyberattackers and detect, deflect, or study hacking attempts.
Malware designed to deny a user or organization access to files on their computer by encrypting these files and demanding a ransom payment for the decryption key.
A network of private computers infected with malicious software and controlled as a group without the owners' knowledge, typically used to send spam or launch DDoS attacks.
A network security measure employed on one or more computers to ensure that a secure computer network is physically isolated from unsecured networks, such as the public Internet.
A vulnerability where an attacker interferes with the queries an application makes to its database, allowing access to data that is usually hidden.
Distributed Denial of Service. An attack meant to shut down a machine or network, making it inaccessible to its intended users by flooding it with traffic.
An attack where the attacker secretly relays and possibly alters the communications between two parties who believe they are directly communicating with each other.
A trial-and-error method used to obtain information such as a user password or PIN. Automated software is used to generate a large number of consecutive guesses.
A vulnerability that allows an attacker to inject malicious client-side scripts into web pages viewed by other users, often to steal session cookies.
A collection of malicious software designed to enable access to a computer or an area of its software that is not otherwise allowed (usually at the kernel level).
The psychological manipulation of people into performing actions or divulging confidential information. It relies on human error rather than software bugs.
"Malicious Software." An umbrella term for any code designed to disrupt, damage, or gain unauthorized access to a computer system (e.g., Viruses, Worms).
A network security device that monitors incoming and outgoing network traffic and permits or blocks data packets based on a set of security rules.
Surveillance software (or hardware) that has the capability to record every keystroke you make to a log file, often used to steal passwords.
A service that encrypts your internet traffic and masks your online identity by hiding your IP address and routing data through a secure tunnel.
A type of malware that is disguised as legitimate software. Users are tricked into loading and executing it on their systems.
The process of converting information or data into a code (ciphertext), especially to prevent unauthorized access. It is the backbone of modern privacy.
A mathematical function that converts a numerical input value into another compressed numerical value. The input cannot be retrieved from the hash (One-Way).
Software with malicious behavior that aims to gather information about a person or organization and send it to another entity in a way that harms the user.
A standalone malware program that replicates itself to spread to other computers. Unlike a virus, it does not need to attach to an existing file to run.
Intrusion Detection Systems (monitor only) and Intrusion Prevention Systems (monitor and block). They analyze network traffic for signs of known cyberattacks.
(Pen Test). An authorized simulated cyberattack on a computer system, performed to evaluate the security of the system and find vulnerabilities before criminals do.
The process of monitoring and capturing all data packets passing through a given network. Tools like Wireshark use this to analyze traffic or steal credentials.
A situation in which a person or program successfully identifies as another by falsifying data (e.g., Caller ID spoofing, IP spoofing) to gain an illegitimate advantage.
The exploitation of a valid computer session—sometimes called "Cookie Theft"—to gain unauthorized access to information or services in a computer system.
A group of security professionals who act as adversaries to an organization's security posture. They simulate real-world attacks to test defenses.
A group of individuals who perform an analysis of information systems to ensure security, identify flaws, and verify the effectiveness of defensive measures.
A security system that requires more than one method of authentication from independent categories of credentials to verify the user's identity.
Cross-Site Request Forgery. An attack that forces an end user to execute unwanted actions on a web application in which they are currently authenticated.
Public Key Infrastructure. A set of roles, policies, and hardware needed to create, manage, distribute, and revoke digital certificates and public-key encryption.
Random data added to a password before it is hashed. This prevents attackers from using "Rainbow Tables" (pre-computed hash lists) to crack passwords.
A form of brute force attack that defeats authentication mechanisms by trying hundreds or millions of likely possibilities, such as words in a dictionary.
A massive precomputed table for reversing cryptographic hash functions, usually for cracking password hashes. It makes cracking faster than pure brute force.
A vulnerability where an application allows a user to input a file path (like `../../etc/passwd`), causing the server to display internal files it shouldn't.
Similar to LFI, but allows an attacker to load a malicious file from an external server (e.g., `http://evil.com/shell.php`), executing code on the victim.
The practice of concealing a file, message, image, or video within another file. For example, hiding malware code inside a harmless `.jpg` image.
World Wide Web content that exists on darknets (overlay networks) that use the public Internet but require specific software (like Tor) and authorization to access.
The Onion Router. Free software for enabling anonymous communication. It directs traffic through a worldwide, volunteer overlay network to conceal location.